This is the second story in a two-part series on password security.
Upcoming password resets
In the next few weeks, members of the UNMC community likely will receive a notification when they log in to their work computer instructing them to update and change their network password.
The IT Department requires that all colleagues and students change their network password at least every six months for security purposes. Routine password changes help UNMC defend itself from cyberthreats and serve to make it harder for malicious actors to steal passwords. IT encourages everyone to change their passwords proactively when it is convenient for them to do so.
The IT Help Desk can assist at any time if UNMC colleagues need to change their password. However, it is easy to do:
- Log into appstore.nebraskamed.com or appstore.unmc.edu;
- Click on your initials in the top right corner;
- Select “Account”;
- At the screen that follows, choose the option to “Change Password.”
When resetting a password, consider making it more secure than the last one. Please keep in mind it can take some time for passwords to sync across all applications and devices, so it is advised to change a password well before the deadline date and at a time when the replication process won’t impact daily work.
Protecting your password
So you’ve created a strong password. If a hacker can’t guess it, they may try to steal it.
There are many common attacks that hackers will use to find out your password:
Social engineering
Social engineering is an attempt to steal personal credentials. The most common form of social engineering is the phishing attack, where a malicious actor pretends to be a trusted source – your bank, a favorite store, even the human resources department. While in disguise, they attempt to harvest personal information such as bank accounts, usernames and passwords. Be sure to report any suspicious emails you think may be a phishing attempt to information security. See more information on phishing.
Dictionary attack
In an attack like this, the hacker’s computer runs through a dictionary to try to guess what your password could be. A computer can try more than 1,000 passwords a minute. Even if you think you’ve come up with a great password that no human could guess, a computer still can. Therefore, it is critical to add a combination of numbers, characters and capital letters to increase the difficulty.
Hybrid attack
The hybrid attack functions like a dictionary attack, but takes it a step further. Attackers go through a word list and add random numbers and/or characters to the word. If your password includes a calendar year that is personal to you, such as a birth year or anniversary, it won’t take long for a computer to figure it out. Attackers also know that most people capitalize the first character of their password and end it with a “!” or “?” symbol. Avoiding this pattern makes guessing your password more difficult.
Brute force attack
Attackers can try to guess your password by trying all possible password combinations. This method is generally not very effective, but short and simple passwords can fall victim to it, especially those on the top 200 most commonly-used passwords list.
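The dictionary, hybrid and brute force sections above each name a predictable pattern, and a password-change form can screen for all of them before accepting a new password. The sketch below is an added example, not UNMC's own tooling; the word list, the 12-character minimum and the year range are constructed assumptions.

```python
import re

# Constructed sample word list (assumption). A real screen would load a full
# dictionary plus a most-commonly-used-passwords list.
COMMON_WORDS = {"password", "welcome", "summer", "nebraska", "dragon"}

# Four-digit calendar years 1950-2049 (assumed range for birth years and
# anniversaries).
YEAR_RE = re.compile(r"(19[5-9]\d|20[0-4]\d)")


def base_word(password: str) -> str:
    """Drop the digits and symbols a hybrid attack appends, then lowercase."""
    return re.sub(r"[^A-Za-z]", "", password).lower()


def screen_password(password: str, min_length: int = 12) -> list[str]:
    """Return the predictable patterns found; an empty list means none."""
    findings = []
    # Brute force: short passwords have few possible combinations.
    if len(password) < min_length:  # min_length is an assumed policy value
        findings.append("too_short")
    # Dictionary attack: the password is itself a listed word.
    if password.lower() in COMMON_WORDS:
        findings.append("dictionary_word")
    # Hybrid attack: a listed word with numbers or symbols added.
    elif base_word(password) in COMMON_WORDS:
        findings.append("dictionary_word_with_suffix")
    if YEAR_RE.search(password):
        findings.append("calendar_year")
    # The common shape: one capital letter, and it is the first character.
    if password[:1].isupper() and not any(c.isupper() for c in password[1:]):
        findings.append("capital_only_first")
    if password.endswith(("!", "?")):
        findings.append("trailing_bang_or_question")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for candidate in ("Summer2024!", "password", "tuLip-84-qUartz-moon"):
        print(candidate, screen_password(candidate))
```

An empty result only means none of these patterns were found; it does not prove a password is strong.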